package leap.oauth2.webapp.token;

import java.util.Map;
import java.util.Objects;
import leap.core.annotation.Inject;
import leap.core.el.ElConfig;
import leap.htpl.HtplConstants;
import leap.lang.Strings;
import leap.lang.codec.Base64;
import leap.lang.http.ContentTypes;
import leap.lang.http.HTTP;
import leap.lang.http.Headers;
import leap.lang.http.client.HttpClient;
import leap.lang.http.client.HttpRequest;
import leap.lang.http.client.HttpResponse;
import leap.lang.json.JSON;
import leap.lang.json.JsonValue;
import leap.lang.logging.Log;
import leap.lang.logging.LogFactory;
import leap.oauth2.webapp.OAuth2Config;
import leap.oauth2.webapp.OAuth2InternalServerException;
import leap.oauth2.webapp.OAuth2Params;
import leap.oauth2.webapp.OAuth2ResponseException;

/* loaded from: input_file:leap/oauth2/webapp/token/DefaultTokenInfoLookup.class */
public class DefaultTokenInfoLookup implements TokenInfoLookup {
    private static final Log log = LogFactory.get((Class<?>) DefaultTokenInfoLookup.class);

    @Inject
    protected OAuth2Config config;

    @Inject
    protected HttpClient httpClient;

    @Override // leap.oauth2.webapp.token.TokenInfoLookup
    public TokenInfo lookupByAccessToken(String str) {
        if (null == this.config.getTokenInfoUrl()) {
            throw new IllegalStateException("The tokenInfoUrl must be configured");
        }
        HttpRequest method = this.httpClient.request(this.config.getTokenInfoUrl()).addQueryParam("access_token", str).setMethod(HTTP.Method.GET);
        if (null != this.config.getClientId()) {
            method.addHeader(Headers.AUTHORIZATION, "Basic " + Base64.encode(this.config.getClientId() + ElConfig.FUNCTION_NAME_SEPERATOR + this.config.getClientSecret()));
        }
        HttpResponse send = method.send();
        if (!ContentTypes.APPLICATION_JSON_TYPE.isCompatible(send.getContentType())) {
            throw new OAuth2InternalServerException("Invalid response from auth server");
        }
        String string = send.getString();
        log.debug("Received response : {}", string);
        JsonValue parse = JSON.parse(string);
        if (!parse.isMap()) {
            throw new OAuth2InternalServerException("Invalid response from auth server : not a json map");
        }
        Map<String, Object> asMap = parse.asMap();
        String str2 = (String) asMap.get(OAuth2Params.ERROR);
        if (Strings.isEmpty(str2)) {
            return createTokenInfo(asMap);
        }
        if (send.is2xx()) {
            throw new OAuth2InternalServerException("Auth server response error '" + str2 + "' : " + asMap.get(OAuth2Params.ERROR_DESCRIPTION));
        }
        throw new OAuth2ResponseException(send.getStatus(), str2, Objects.toString(asMap.get(OAuth2Params.ERROR_DESCRIPTION)));
    }

    protected TokenInfo createTokenInfo(Map<String, Object> map) {
        SimpleTokenInfo simpleTokenInfo = new SimpleTokenInfo();
        simpleTokenInfo.setClientId((String) map.remove(OAuth2Params.CLIENT_ID));
        simpleTokenInfo.setUserId((String) map.remove("user_id"));
        simpleTokenInfo.setCreated(System.currentTimeMillis());
        simpleTokenInfo.setExpiresIn(((Integer) map.remove("expires_in")).intValue() * HtplConstants.DEFAULT_RELOAD_INTERVAL);
        simpleTokenInfo.setScope((String) map.remove("scope"));
        return simpleTokenInfo;
    }
}
